CVE-2020-5360

CWE-127 CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.5HIGH

EPSS

2.1%

top 15.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Dell Bsafe Micro Edition Suite Dell Bsafe Micro-edition-suite Oracle Database +3 more

Timeline

PublishedDec 16

Latest updateMay 24

Description

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDdell/bsafe_micro-edition-suite< 4.5

▶CVEListV5dell/dell_bsafe_micro_edition_suiteunspecified — 4.5

▶NVDoracle/database4 versions+3

▶NVDoracle/weblogic11.1.1.9.0, 12.1.3.0, 12.2.1.4.0+2

▶NVDoracle/http_server11.1.1.9.0, 12.1.3.0, 12.2.1.4.0+2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-hpmf-2v4h-c97c: Dell BSAFE Micro Edition Suite, versions prior to 4↗2022-05-24

▶

CVEList

CVE-2020-5360: Dell BSAFE Micro Edition Suite, versions prior to 4↗2020-12-16

▶

📋Vendor Advisories

Oracle

Oracle Oracle Database Server Risk Matrix: Oracle Database - Enterprise Edition Security (Dell BSAFE Micro Edition Suite) — CVE-2020-5360↗2021-04-15

▶